We’ve got exciting news: our latest guest blog post, Beneath the Solder Mask, has just been published by the UK Cyber Security Council!
This marks a significant milestone for us, not just in terms of visibility but also in contributing to a national conversation on hardware and embedded systems security.
10/06/2025 Article
Our published piece, Beneath the Solder Mask, takes a critical look at the hidden vulnerabilities embedded in the physical layers of modern electronic systems. We focus on the immediate technical vectors, but also highlight how these overlooked attack surfaces can render traditional software-layer mitigations useless.
We also explore the idea of hardware as a boundary layer. It is both a point of trust and a source of exposure. By bringing these discussions into the mainstream via the UK Cyber Security Council, we want to raise wider awareness of embedded system security as a frontline issue. This should never have become a niche concern.
For too long, hardware security has remained a backwater in broader cyber strategy conversations. We are not talking about hypothetical supply chain compromise or speculative attack chains. We are describing artefacts our team has directly unearthed during client engagements. Things like unpopulated but live JTAG headers, test points wired straight to EEPROM, and solder-bridged bypasses that neuter entire security models as well as other weird and wonderful ways that engineers have brought these components together.
Having this article featured by the UK Cyber Security Council is a recognition that hardware exploitation needs to be more than a footnote in risk assessments. It validates what we, and a growing number of practitioners, have been arguing. You cannot build secure systems without looking beneath the solder mask.
We are not stopping at blog posts. This publication directly supports our training efforts. From 23 to 27 June 2025, we are running a public, hands-on training course: Electronics and PCB Reverse Engineering. The course teaches exactly the kind of skills discussed in the article. It covers safe teardown and circuit tracing, component reidentification, overcoming challenging connectivity and debugging access when it all goes wrong, how chip to chip communication protocols actually work and how logic analysers can help.
This is not just another theory-heavy slide deck. Participants will spend time on the bench with real gear, real boards, and real problems. We are keeping it practical, intense, and focused on what actually happens in red team hardware engagements.
We have also been able to modify our course structure a little following some feedback – we now offer the ability to attend the first two days, the Deep Dive last three days, or all five days for the full course.
Come get your hands dirty. See what lies beneath the mask.
